CVE-2024-42514

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-42514
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0024-001-v2.pdf
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0024
Configurations

No configuration.

History

07 Oct 2024, 19:37

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.1 		v2 : unknown
v3 : 8.1

03 Oct 2024, 16:15

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en el componente de chat heredado de Mitel MiContact Center Business hasta la versión 10.1.0.4 podría permitir que un atacante no autenticado realice un ataque de acceso no autorizado debido a controles de acceso inadecuados. Una explotación exitosa podría permitir que un atacante acceda a información confidencial y envíe mensajes no autorizados.
Summary (en) A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit could allow an attacker to access sensitive information and send unauthorized messages. (en) A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session.
References
  • () https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0024-001-v2.pdf -

01 Oct 2024, 20:35

Type Values Removed Values Added
CWE CWE-284
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.1

01 Oct 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-01 19:15

Updated : 2024-10-07 19:37

NVD link : CVE-2024-42514

Mitre link : CVE-2024-42514

CVE.ORG link : CVE-2024-42514

JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024